CVE-2023-31143: [dy] Fix terminal user authentication (#2586) · mage-ai/mage-ai@f63cd00
mage-ai is an open-source data pipeline tool for transforming and integrating data. Users running Mage versions 0.8.34 up to, but not including, 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.
@@ -1,6 +1,7 @@ import Ansi from 'ansi-to-react’; import { useCallback, useEffect, useMemo, useRef, useState } from 'react’;
import AuthToken from '@api/utils/AuthToken’; import ClickOutside from '@oracle/components/ClickOutside’; import Text from '@oracle/elements/Text’; import { Expand All @@ -26,6 +27,7 @@ import { KEY_CODE_META, KEY_CODE_V, } from '@utils/hooks/keyboardShortcuts/constants’; import { OAUTH2_APPLICATION_CLIENT_ID } from '@api/constants’; import { onlyKeysPresent } from '@utils/hooks/keyboardShortcuts/utils’; import { pauseEvent } from '@utils/events’; import { useKeyboardContext } from '@context/Keyboard’; Expand Down Expand Up @@ -58,6 +60,14 @@ function Terminal({
const [stdout, setStdout] = useState<string>();
const token = useMemo(() => new AuthToken(), []); const oauthWebsocketData = useMemo(() => ({ api_key: OAUTH2_APPLICATION_CLIENT_ID, token: token.decodedToken.token, }), [ token, ]);
useEffect(() => { if (lastMessage) { const msg = JSON.parse(lastMessage.data); Expand Down Expand Up @@ -122,12 +132,10 @@ function Terminal({ }, [command]);
const sendCommand = useCallback((cmd) => { sendMessage(JSON.stringify([ 'stdin’, cmd, ])); sendMessage(JSON.stringify([ 'stdin’, '\r’, ])); sendMessage(JSON.stringify({ …oauthWebsocketData, command: ['stdin’, cmd + ‘\r’], })); if (cmd?.length >= 2) { setCommandIndex(commandHistory.length + 1); setCommandHistory(prev => prev.concat(cmd)); Expand Down Expand Up @@ -174,12 +182,14 @@ function Terminal({ pauseEvent(event); if (onlyKeysPresent([KEY_CODE_CONTROL, KEY_CODE_C], keyMapping)) { if (command?.length >= 0) { sendMessage(JSON.stringify([ 'stdin’, command, ])); sendMessage(JSON.stringify([ 'stdin’, '\x03’, ])); sendMessage(JSON.stringify({ …oauthWebsocketData, command: ['stdin’, command], })); sendMessage(JSON.stringify({ …oauthWebsocketData, command: ['stdin’, ‘\x03’], })); setCursorIndex(0); } setCommand(‘’); Expand Down
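Review bot: The token attached to every message in the sendCommand and Ctrl+C hunks comes from `oauthWebsocketData`, which the @@ -58 hunk memoizes with an empty dependency list, so a token that expires or is re-issued while the terminal stays mounted keeps being sent in its stale form; recomputing it per send, or keying the memo on the token value, avoids that. `api_key` is the public OAuth client id, so the authorization decision has to rest on server-side validation of `token`, and that check is not part of this diff — worth confirming that the websocket handler rejects messages whose token is missing or invalid rather than relying on the client to include it. If `decodedToken` can be undefined for a signed-out user (AuthToken is not shown here), `token.decodedToken.token` would throw during render; `token: token.decodedToken?.token,` keeps the component rendering and leaves the server to reject the unauthenticated message. The Terminal function enclosing these hunks starts and ends outside the diff.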
### Impact

You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.

### Patches

The vulnerability has been resolved in Mage version 0.8.72.